Note: This document is an unofficial translation of the Finnish language version of Iconics privacy policy (in Finnish: Tietosuojalauseke). In case of any discrepancy between the original version and the translation, the original Finnish language version shall prevail.


Iconics Oy is a business law firm. We process personal data of our customers and potential customers responsibly to fulfil the assignments or to provide information on how we provide legal services. Data protection is one of our core competence areas and therefore the protection of your privacy is a matter of honour to us.

This privacy policy provides you with information on:

  • The types of personal data and sources of data

  • Purposes and legal basis for processing

  • Data retention

  • Cookies

  • Data subject’s rights

  • Data transfers

  • Data disclosures

  • Information security measures

  • Updates to the privacy policy


All of our employees take responsibility for protecting our customers’ personal data and privacy. Please call us or send us a message if you have any questions about our data protection practices. Our contact details can be found in the “Contact” section of our website.


Please note that our website may contain links to third party sites. We do not control these sites. We ask you to familiarise yourself with the privacy policies of these third parties when accessing their sites.


We have a fan page on Facebook and we act as joint controllers with Facebook. We collect statistical information on likes, visits and reach of our Facebook page and visitors’ demographic profiles. We cannot identify individual users or combine statistical data with customer data described in this privacy policy. For more information, please visit Facebook privacy practices.


What kind of personal data do we process and where do we obtain the data?


We process personal data of our customers, such as the name of the contact person, position, phone number, email address, messages and information on the company, such as business ID, address and invoicing details. We also process information that may be required pursuant to Finnish laws to identify our customers and to verify the identity of our customer’s contact persons, such as passport copies. We primarily obtain this information from the customer during the customer relationship.


We obtain personal data of potential customers, such as name, position, phone number and email address, from publicly available sources, such as websites of companies, LinkedIn or through our personal contacts or the contact form of our website.


For what purposes do we process the data and what is the legal basis for processing?


We process personal data of our customers to fulfil the assignments, to interact with our customers and to invoice our services. This processing is based on the contract between us. We retain invoicing details and information required to identify our customers, such as passport copies, to fulfil our legal obligations.


We process personal data of our potential customers to provide information on our services. This processing is based on our legitimate interest to do direct marketing. We truly believe that our way of working leads to cost efficient and business driven solutions which we provide for the benefit of our customers. In our opinion this processing helps you to make decisions on how you want to procure legal services and we have determined that this does not contravene your interests or your fundamental rights and freedoms. Please note that you can object to processing at any time.


How long do we retain personal data?


We retain customer data during the customer relationship and as long as necessary to fulfil our legal obligations, such as those stemming from the Accounting Act or the Act on Preventing Money Laundering and Terrorist Financing. After fulfilling the assignment, we may contact you to gather information on how we succeeded and whether we can assist you in another assignment.


Potential customers often become our customers, but if for some reason this is not the case, we remove personal data of potential customers within a reasonable time from the date we contacted them (no later than by the end of the calendar year).


Do we use cookies?


We may use cookies on the website and collect information regarding the user’s terminal equipment and the use of our services. A cookie is a small text file which is saved on the user’s browser. Cookies contain an anonymous, numerical ID which enables us to count visitors and recognise returning visitors. Cookies do not enable us to process any information which could be used to directly identify a user, such as name or email address.


We use cookies to analyse the use of our website and to develop our services. We use Google Analytics, a web analysis service from the company Google Inc. Google Analytics uses cookies to analyse your usage of the website. The information generated by the cookies is transferred to Google in the US and stored there. Google uses this information in order to evaluate your usage of our website and to compile reports about website activity.


You may prevent your data from being used by Google Analytics by installing an opt-out browser add-on. You may also block or delete cookies by adjusting your browser settings.


What kind of rights do you have as a data subject?


We process your personal data in accordance with legislation and your wishes. You can find below information on your rights ensured by the data protection legislation, but if you have any questions or wishes, please do not hesitate to contact us. Our contact details can be found in the “Contact” section of our website.


  • Right of access: If you would like to retain a copy of the personal data processed by us, please contact us in writing and attach the necessary information for us to identify you in a reliable manner. You may also visit us personally and access your personal data while enjoying a cup of coffee.


  • Right to rectification: Upon your request we rectify any inaccuracies in your personal data. 


  • Data portability: Upon your request, we provide you with a CSV copy of your personal data.


  • Right to object: You may object to direct marketing and to processing of personal data of potential customers which is based on our legitimate interest by contacting us.


  • Right to be forgotten: We remove personal data which is no longer needed for the purposes described above. You may also request deletion of your personal data.


  • Right to restrict processing: We restrict processing if, for example, we do not need your personal data for the purposes described above, but instead of deletion of data you request us to store the data.


  • Right to lodge complaint: If you feel that we have processed your personal data in breach of the applicable data protection legislation or this privacy policy, you may lodge a complaint with the supervisory authority (


Where do we transfer data?


We use partners to process personal data. For example, the provider of our customer and invoicing system, our accountant and the provider of our email and hosting services may access personal data. They are data processors which may use personal data of our customers solely to fulfil the agreement with us. We have executed data processing agreements which aim to ensure that your personal data is processed in accordance with applicable data protection legislation.


Some of our partners may be located outside the EU or the EEA. If data processing requires that personal data is transferred or accessed outside the EU or the EEA, we make sure that the transfer takes place in accordance with the applicable data protection legislation, for example by using the Standard Contractual Clauses by the European Commission or the Privacy Shield mechanism.


Do we disclose personal data to third parties?


If we were to sell our business, we could disclose personal data of our customers to the buyer. Before the disclosure we would seek your opinion whether you would like to use the services offered by the buyer. Upon your request we may disclose your personal data to our partners, if we consider that our partners could offer you services instead of us or side by side with us. Otherwise, we do not disclose your personal data to third parties, unless law, regulation, court order or other legal requirement compels disclosure.


What kind of security measures do we use?


We have employed necessary technical and organisational security measures to protect your personal data against unlawful or unauthorised access, disclosure, loss and other unauthorised processing. These measures include, for example, use of firewalls, encryption technologies and secure facilities, appropriate access control, controlled grant of access rights and supervision of use of systems and properly instructing our personnel and partners participating in the processing of personal data.


This privacy policy has been updated on the following occasions:

  • February 26, 2019 when we took Google Analytics into use and added information to the “Do we use cookies” section of this privacy policy. We also added information on joint controllership with Facebook. The changes we published on May 24, 2018 were based on the EU General Data Protection Regulation (GDPR) becoming applicable;

  • June 4, 2019 when we updated the business name of our firm. No modifications to content.




Iconics Oy

Teollisuuskatu 21, 00510 Helsinki


© Iconics Oy, 2020